CVE-2023-25647 – Permission and Access Control Vulnerability in Some ZTE Mobile Phones
https://notcve.org/view.php?id=CVE-2023-25647
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032264 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVE-2021-21742
https://notcve.org/view.php?id=CVE-2021-21742
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages. Se presenta una vulnerabilidad de filtrado de información en la aplicación del servicio de mensajes de ZTE mobile phone. Debido a una configuración inapropiada de los parámetros, unos atacantes podrían usar esta vulnerabilidad para conseguir cierta información confidencial de usuarios al acceder a páginas específicas. • https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019084 •